package cn.tedu.dao;

import java.lang.reflect.Method;
import java.net.URL;
import java.sql.*;
import java.util.Scanner;

public class Test2 {
    public static void main(String[] args) {

            //method1();
            //login();
           //login21();
           //login22();
           login23();


    }

    public static void login23() {


        try {
          //注册驱动
            Class.forName("com.mysql.jdbc.Driver");
            //连接数据库
            Connection conn=DriverManager.getConnection(
                    "jdbc:mysql://localhost:3307/cgb2104?characterEncoding=utf8","root","root");

            //提醒用户输入
            System.out.print("请输入用户名：");
            String u=new Scanner(System.in).nextLine();
            System.out.print("请输入用户密码：");
            String p=new Scanner(System.in).nextLine();


            //创建数据库操作语言
            String sql="select  * from user where name =? and pwd=?";
            //使用preparedstatement 防止注入攻击相比Statement。
            PreparedStatement pt=conn.prepareStatement(sql);
            pt.setString(1,u);
            pt.setString(2,p);

            //返回结果集
            ResultSet rs=pt.executeQuery();

            //对结果进行判断

            if (rs.next()) {
                System.out.println("登录成功");
            }else {
                System.out.println("登录失败");
            }
            rs.close();
            pt.close();
            conn.close();

        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }


    }

    public static void login22() {

        //注册驱动
        try {
            Class.forName("com.mysql.jdbc.Driver");

            //连接驱动
            Connection conn=DriverManager.getConnection(
                    "jdbc:mysql://localhost:3307/cgb2104?characterEncoding=utf8","root","root");
           //创建用户输入
            System.out.print("请输入用户名：");
            String u=new Scanner(System.in).nextLine();
            System.out.print("请输入用户密码：");
            String p=new Scanner(System.in).nextLine();


            //对数据库操作
            String sql="select * from user where name=? and pwd=?";
            PreparedStatement pm=conn.prepareStatement(sql);
             pm.setString(1,u);
             pm.setString(2,p);
            //返回结果集
            ResultSet re=pm.executeQuery();

            //对结果集进行操作

            if (re.next()){
                System.out.println("登录成功");
            }else{
                System.out.println("登录失败");
            }
            re.close();
            pm.close();
            conn.close();

        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }

    }

    public static void login21() {
          //模拟用户登录方式二。没有注入攻击问题

        try {
            //1.注册驱动
            Class.forName("com.mysql.jdbc.Driver");
            //2.连接数据库

            Connection conn=DriverManager.getConnection
                    ("jdbc:mysql://localhost:3307/cgb2104?characterEncoding=utf8","root","root");
            //3.获取传输器
            System.out.print("请输入用户名：");
            String u= new Scanner(System.in).nextLine();//获取用户输入的用户名
            System.out.print("请输入密码：");
            String p= new Scanner(System.in).nextLine();//获取用户输入的密码
            String sql="select *from user where name=? and pwd=?";
            //先把sql骨架发给数据库执行
            PreparedStatement ps=conn.prepareStatement(sql);
            ps.setString(1,u);
            ps.setString(2,p);
            ResultSet re= ps.executeQuery();


            if(re.next()){
                System.out.println("登录成功");
            }else {
                System.out.println("登录失败");
            }
            re.close();
            ps.close();
            conn.close();

        }catch (Exception e){
            e.printStackTrace();
        }



    }

    public static void login() {
        //模拟用户登录

        try {


       //1.注册驱动
       Class.forName("com.mysql.jdbc.Driver");
       //2.连接数据库
       String url = "jdbc:mysql://localhost:3307/cgb2104?characterEncoding=utf8";
       String user = "root";
       String pwd = "root";
       Connection conn = DriverManager.getConnection(url, user, pwd);
       //3.连接传输器
        Statement st=conn.createStatement();//此连接器不好

        //4.操作数据库，查询语句
            System.out.print("请输入用户名：");
          String u= new Scanner(System.in).nextLine();//获取用户输入的用户名
            System.out.print("请输入密码：");
          String p= new Scanner(System.in).nextLine();//获取用户输入的密码
           //使用拼接的方式校验用户、、此方式会有注入攻击问题
            //练习拼串
            //String sql="select * from user where name='"+u+"'and pwd='"+p+"'"
       String sql="select * from user where name='"+u+"' and pwd='"+p+"'";
       ResultSet rs=st.executeQuery(sql);
       if(rs.next()){
           System.out.println("登录成功");
       }else {
           System.out.println("登录失败");
       }
       rs.close();
       st.close();
       conn.close();

   }catch (Exception e){

            e.printStackTrace();
        }


    }

    public static void method1()  {
       try {
           //1.注册驱动
           Class.forName("com.mysql.jdbc.Driver");
           //2.连接数据库
           String url = "jdbc:mysql://localhost:3307/cgb2104?characterEncoding=utf8";
           String user = "root";
           String pwd = "root";
           Connection conn = DriverManager.getConnection(url, user, pwd);
           //3.连接传输器
           Statement st = conn.createStatement();

           //4.执行操作语句
           int rows = st.executeUpdate("insert  into dept values (null ,'开发部','北京')");
           System.out.println(rows);//打印影响的行数
           //5.关闭资源

           st.close();
           conn.close();
       }catch (Exception e){
           e.printStackTrace();
           //打印错误信息
       }
    }

}
